Highlights of Report Number: †2013-23-119 to the Internal Revenue Service
Chief Technology Officer.

IMPACT ON TAXPAYERS

In
March 2010, the President signed into law the Health Care and Education
Reconciliation Act of 2010 and the Patient Protection and Affordable Care Act
(ACA) (collectively referred to as the ACA).† The ACA law seeks to provide more
Americans with access to affordable health care.† The Premium Tax Credit (PTC)
Project falls under the IRS ACA Program.† Beginning January 2014, eligible
taxpayers who purchase health insurance through an Exchange may qualify for and
request a refundable tax credit (the PTC) to assist with paying their health
insurance premium.† The credit is claimed on the taxpayerís Federal tax return
at the end of each coverage year.†Because
it is a refundable credit, †taxpayers
who have little or no income tax liability can still benefit.† The PTC can also
be paid in advance to a taxpayerís health insurance provider to help cover the
cost of premiums.† This credit is referred to as the Advanced Premium Tax
Credit (APTC).

WHY TIGTA DID THE AUDIT

The overall objective of this
review was to determine if the IRS is adequately managing systems development
risks for the PTC Project.† TIGTA evaluated the IRSís key management controls
and processes for risk management, requirements and change management, testing,
security, and fraud detection for the PTC Project, which is being developed in
the IRSís new Enterprise Life Cycle Iterative Path.

WHAT TIGTA FOUND

The IRS
has completed development and testing for the PTC Computation Engine (PTC-CE)
needed to calculate the APTC and the Remainder Benchmark Household
Contribution.† In addition, the IRS developed a process to verify the accuracy
of the PTC-CE calculations.† However, improvements are needed to ensure the long-term
success of the PTC Project by adherence to systems development controls for:†
(1) configuration and change management; (2) interagency test management
process; (3) security; and (4) fraud detection and mitigation, in accordance
with applicable guidance.

WHAT TIGTA RECOMMENDED

TIGTA made seven recommendations to the IRS
Chief Technology Officer.† In managementís response to the report, the IRS
agreed with six of the recommendations and plans to implement corrective
actions.

However, the IRS disagreed with one of our
recommendations to ensure that the Cybersecurity organization resolves or
develops an action plan for the failed security tests. TIGTA maintains that
this recommendation should be addressed to verify that corrective measures for
failed controls have been implemented.

READ THE FULL REPORT

To view the report, including the scope, methodology,
and full IRS response, go to: †